DETAILED ACTION

1. Claims 1-45 are pending for consideration.



Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1-11 and 12-17 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. Those claims are directed to 
simulating the execution of all execution paths of one or more assemblies in managed
code, which recite computer software components for manipulating data. 

Data structures not claimed as embodied in computer-readable media are
descriptive material per se and are not statutory because they are not capable of 
causing functional change in the computer. See, e.g., Warmerdam, 33 F.3d at 1361, 31 
USPQ2d at 1760. Such claimed data structures do not define any structural and 
functional interrelationship between the data structure and other claimed aspects of the 
invention which permit the data structure's functionality to be realized. 

In contrast, a claimed computer-readable medium encoded with a data structure 
defines structural and functional interrelationship between the data structure and the 
computer software and hardware components which permit the data structure's 
functionality to be realized, and is thus statutory. 

Claims 19-25 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Those claims recite one or more
computer-readable media comprising instructions to execute codes in managed code. However,
in the specification, on page 21, paragraphs 0053-0055, Applicant recites "computer
readable media may comprise computer storage media and communications
media"... "communication media typically embodies data structures, program modules,
or... a modulated data signal, such as carrier wave." According to the MPEP, claims
that recite nothing but the physical characteristics of a form of energy, such as a
frequency, voltage, or the strength of a magnetic field, define energy or magnetism, per
se, and as such are nonstatutory natural phenomena. O'Reilly, 56 U.S. (15 How.) at
112-14. Moreover, it does not appear that a claim reciting a signal encoded with
functional descriptive material falls within any of the categories of patentable subject
matter set forth in § 101.

Claims 26-45 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Those claims recite a/an apparatus/device but 
the apparatus/device is not limited to a tangible medium. Data structures not claimed
as embodied in computer-readable media are descriptive material per se and are not 
statutory because they are not capable of causing functional change in the computer. 
See, e.g., Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760. Such claimed data 
structures do not define any structural and functional interrelationship between the data 
structure and other claimed aspects of the invention which permit the data structure's 
functionality to be realized. 



Claim Rejections - 35 USC § 112

3. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 1-45 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

5. Regarding claims 1-45, the limitation "managed code" is not clear to the 
Examiner. Applicant needs to further specify what the "managed code" means. 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

7. Claims 1-45 are rejected under 35 U.S.C. 102(b) as being anticipated by Koved 
et al. (reference U) (hereinafter Koved). 

8. Regarding claim 1, Koved discloses simulating the execution of all execution 
paths of one or more assemblies in managed code to find a set of required permissions 
for each said execution path, wherein: the managed code is a managed shared library 
or an executable (Koved: on page 1, column 2, under INTRODUCTION heading, 
second paragraph: "developer reads ... libraries used (including the Java run-time 
libraries") and reduces the required access rights); and each call in each execution path 
has a corresponding said permissions set (Koved: on page 2, column 1, first and
second paragraph; and page 3, column 1, first paragraph: "this paper describes a
technique... automatically determine access rights required by Java programs or 
libraries... we computes the set of Permission objects to associate with each program 
point by constructing an access rights invocation graph (ARIG) to propagate the access 
rights." "Permission. implies... but to discover authorization requirements by analyzing 
all possible paths through the program."). 

9. Regarding claim 2, Koved discloses wherein the execution paths for only one 
said assembly in managed code are simulated to find the set of required permissions for 
each said execution path by a union of the permissions for each said execution path 
(Koved: on page 2, column 2, third paragraph; page 3, column 1, first paragraph; and 
page 3 and page 4, under Authorization Model section: "In this paper... an invocation
graph and data flow analysis... more accurate authorization information." "Our
approach... discover authorization requirements by analyzing all possible paths through
the program." "It can be seen... the value of Required Permissions (n) (i.e., RP(n)) at
the input to a node n...by means of a set of union operation"). 

10. Regarding claim 3, Koved discloses wherein: the one or more assemblies in 
managed code correspond to an application (Koved: page 3, column 1, third paragraph: 
"Each Java application class... associated with a set of right, or privileges, granted to the 
code"); and the set of required permissions for each said execution path comprises a
union of the permissions for each said execution path (Koved: page 3, column 2; and 
page 4 column 2: "Since, in general... along paths towards nodes in Nstart. This 
process associates a set of required requirements RP(n) with each node n in Nstart. 
More precisely, it computes RP(n) for all n belong to N". "It can be seen that the data
flow... by means of a set union operation"). 

11. Regarding claim 4, Koved discloses wherein: the assemblies in managed code
correspond to a shared library (Koved: page 8, column 1, third paragraph: "For a given
application or classes in a library... identify the set of Java 2 Permissions required for 
each class in the analysis scope"); and the set of required permissions for each said 
execution path comprises one separate permission set per entry point in the shared 
library (Koved: on page 1, under ABSTRACT section; and page 2, column 1, under 
Prior Work section: "This paper presents... compute at each program point the set of 
access rights required by the code"... "authorization tests... to the current approach to
defining authorization points within code"). 

12. Regarding claim 5, this claim has limitations that are similar to those of claims 2
and 3, thus it is rejected with the same rationale applied against claims 2 and 3 above. 

13. Regarding claim 6, Koved discloses wherein one or more of the calls in at least
one said execution path is a cross assembly call (Koved: on page 2, column 2, third
paragraph: "In the aforementioned works... Java runtime calls one of the
SecurityManager authorization methods... to correctly identify authorization 
requirements"). 

14. Regarding claim 7, Koved discloses wherein: the managed code is built to make 
use of a common language runtime (on page 2, column 2, third paragraph: "In the 
aforementioned works... Java runtime calls one of the SecurityManager authorization 
methods... to correctly identify authorization requirements"); each said assembly is 
packaged as an executable entity or as a data link library entity and each said assembly
includes one or more methods (Koved: on page 1, under ABSTRACT section; and page 
7, column 2, second and third paragraph: "The tool... to identify the access rights 
requirements for the product to enable it to run using Java 2 security model"). 

15. Regarding claim 8, Koved discloses wherein the simulation of the execution of 
each said execution path comprises a simulation of the flow of argument data using 
intra and extra method data flow analysis for each said method (Koved: on page 2, 
column 1, second and third paragraph; and page 6, column 2, second paragraph: "To 
summarize... We present a context sensitive, flow sensitive analysis for computing the 
access rights requirements of a program." "To minimize conservativeness...the order of 
execution of instructions both intra- and inter procedurally thus improving the accuracy 
of the resulting graph"). 

16. Regarding claim 9, Koved discloses wherein when the executable has 
permissions to execute that are not less than a union of permission sets for each said 
execution path, any dynamic execution of the executable will not trigger a security 
exception (Koved: on page 3, under Authorization Model-Access Rights Invocation 
Graph section; page 7, column 1, second paragraph; and page 8, column 1, first 
paragraph: "Performance is improved... NullPointerException in package..."). 

17. Regarding claim 10, Koved discloses wherein the simulation of the execution 
comprises, for each said execution path, one or more simulated stack walks that each 
include a plurality of said assemblies (Koved: on page 3, column 1, first paragraph). 



Application/Control Number: 10/772,207 Page 8 

Art Unit: 2131 

18. Regarding claim 11, Koved discloses a computer readable medium including 
machine readable instructions for implementing the method as defined in claim 1 
(Koved: on page 4, column 1, third paragraph).

19. Regarding claim 12, this claim has limitations that are similar to those of claims 1-
6, thus it is rejected with the same rationale applied against claims 1-6 above. 

20. Regarding claim 13, Koved discloses wherein the managed code environment
comprises: a managed code portion including: the assemblies (Koved: see ABSTRACT 
section); and a virtual machine (Koved: on page 3, column 1, paragraph 3: "Each Java 
application... the Java Virtual Machine... to the code"); a native code portion including: 
an execution engine for the virtual machine (Koved: see ABSTRACT section: 
"Java... protects systems... execute the code... in deployed systems"); and an operating
system under the execution engine (Koved: see ABSTRACT section: "Java... protects 
systems... execute the code... in deployed systems"). 

21. Regarding claim 14, this claim has limitations that are similar to those of claim 7,
thus it is rejected with the same rationale applied against claim 7 above. 

22. Regarding claim 15, this claim has limitations that are similar to those of claim 9,
thus it is rejected with the same rationale applied against claim 9 above. 

23. Regarding claim 16, this claim has limitations that are similar to those of claim 10,
thus it is rejected with the same rationale applied against claim 10 above. 

24. Regarding claim 17, Koved discloses wherein the managed code environment 
enforces partial trust security contexts (Koved: on page 3, column 1, 2 paragraph: 
"Rather than analyzing... enforce specific security policies... updated to enable the code
to execute"). 

25. Regarding claim 18, this claim has limitations that are similar to those of claim 11,
thus it is rejected with the same rationale applied against claim 11 above.

26. Regarding claim 19, Koved discloses instructions that, when executed, perform a 
simulation of the execution of every data and control flow for managed code from which 
an estimate is derived of the minimum security requirements needed to dynamically 
execute the managed code without triggering a security exception (Koved: on page 1, 
column 1; page 7 under Generation of a Security Policy Decryption section; and page 1, 
column 2, third paragraph, second paragraph: "This paper presents... computing the
access rights requirements"). 

27. Regarding claim 20, this claim has limitations that are similar to those of claim 7
and 14, thus it is rejected with the same rationale applied against claims 7 and 14 
above. 

28. Regarding claim 21, this claim has limitations that are similar to those of claim 13,
thus it is rejected with the same rationale applied against claim 13 above. 

29. Regarding claim 22, this claim has limitations that are similar to those of claim 20,
thus it is rejected with the same rationale applied against claim 20 above. 

30. Regarding claim 23, this claim has limitations that are similar to those of claim 10,
thus it is rejected with the same rationale applied against claim 10 above. 

31. Regarding claim 24, this claim has limitations that are similar to those of claim 16,
thus it is rejected with the same rationale applied against claim 16 above. 

32. Regarding claim 25, this claim has limitations that are similar to those of claim 17,
thus it is rejected with the same rationale applied against claim 17 above. 

33. Regarding claim 26, Koved discloses virtual machine means, in a managed code 
portion, for operating a plurality of assemblies in managed code, wherein the managed 
code is a managed shared library or an executable and is in the managed code portion; 
execution engine means, in a native code portion, for the virtual machine means 
(Koved: on page 3, column 1, third paragraph: "Each Java application class... Java
Virtual Machine... privileges, granted to the code"); means, in a native code portion, for
providing an operating system (Koved: on page 3, column 1, third paragraph; and page
4, column 1, first paragraph: "Each Java application class... Java Virtual
Machine... privileges, granted to the code"); means for making a call for access by one
said assembly to another said assembly for which a permissions set is required (Koved: 
see ABSTRACT section on page 1); means for gathering the permissions set from each 
said call (Koved: on page 4, column 1, second paragraph); means for deriving a union 
of the gathered permissions sets (Koved: on page 3 under Authorization Model-Access 
Rights Invocation Graph section); and means for simulating the execution of all possible 
execution paths for the managed shared library or the executable to derive therefrom 
the derived union of the gathered permissions sets (Koved: on page 3 under 
Authorization Model-Access Rights Invocation Graph section). 

34. Regarding claim 27, Koved discloses means for compiling the assemblies from 
an intermediate language code and metadata into native code; and means for loading 
the native code with a Common Language Runtime (CLR) loader in the native code 
portion to load the compiled native code, wherein the execution engine means executes
the compiled native code in the native code portion (Koved: on page 3, column 1, first
paragraph: "Permission. implies... test cases").

35. Regarding claim 28, Koved discloses wherein the managed code portion further 
comprises one or more files associated with user code that, when compiled into an 
intermediate language code and metadata generated by a language compiler, are 
represented by the assemblies (Koved: on page 3, column 1, third paragraph: "Each 
Java application class... Java Virtual Machine... privileges, granted to the code"). 

36. Regarding claim 29, Koved discloses wherein the execution engine means in the 
native code portion further comprises a compiler to compile each said assembly into 
native code for execution by the native code portion (Koved: on page 3, column 1, third
paragraph: "Each Java application class... Java Virtual Machine... privileges, granted to 
the code"). 

37. Regarding claim 30, Koved discloses wherein the execution engine means in the 
native code portion further comprises: a Just In Time (JIT) compiler to compile each 
said assembly into native code; and a CLR loader to load the compiled native code for 
execution by the native code portion (on page 3, column 1, third paragraph: "Each Java 
application class... Java Virtual Machine... privileges, granted to the code"). 

38. Regarding claim 31, Koved discloses means, in the native code portion, for
forming a response to the call; and means for returning the response to the first 
assembly in the managed code portion (Koved: on page 3, column 1, third paragraph; 
and page 4, column 1, first paragraph: "Each Java application class... Java Virtual
Machine... privileges, granted to the code"). 

39. Regarding claim 32, Koved discloses wherein: the managed code is built to make
use of a common language runtime; each said assembly is packaged as an executable
entity or as a data link library entity; and each said assembly includes one or more 
methods (Koved: on page 1, under ABSTRACT section; and page 7, column 2, second 
and third paragraph: "The tool... to identify the access rights requirements for the 
product to enable it to run using Java 2 security model"). 

40. Regarding claim 33, Koved discloses wherein the simulation of the execution 
comprises, for each said execution path, a simulation of the flow of argument data using 
intra and extra data flow analysis for each said method (Koved: on page 2, column 1, 
second and third paragraph; and page 6, column 2, second paragraph: "To 
summarize... We present a context sensitive, flow sensitive analysis for computing the 
access rights requirements of a program." "To minimize conservativeness...the order of 
execution of instructions both intra- and inter procedurally thus improving the accuracy 
of the resulting graph"). 

41. Regarding claim 34, this claim has limitations that are similar to those of claim 9,
thus it is rejected with the same rationale applied against claim 9 above. 

42. Regarding claim 35, this claim has limitations that are similar to those of claim 10,
thus it is rejected with the same rationale applied against claim 10 above. 

43. Regarding claim 36, Koved discloses wherein each call in each said simulated 
stack walk has a corresponding said permissions set (Koved: on page 3 under 
Authorization Model-Access Rights Invocation Graph section: "For any node... set of
required Permissions for n"). 

44. Regarding claim 37, this claim has limitations that are similar to those of claim 17,
thus it is rejected with the same rationale applied against claim 17 above. 

45. Regarding claim 38, this claim has limitations that are similar to those of claim 26,
thus it is rejected with the same rationale applied against claim 26 above. 

46. Regarding claim 39, this claim has limitations that are similar to those of claims 27
and 28, thus it is rejected with the same rationale applied against claims 27 and 28 
above. 

47. Regarding claim 40, this claim has limitations that are similar to those of claim 30,
thus it is rejected with the same rationale applied against claim 30 above. 

48. Regarding claim 41, this claim has limitations that are similar to those of claim 22,
thus it is rejected with the same rationale applied against claim 22 above. 

49. Regarding claim 42, this claim has limitations that are similar to those of claim 8,
thus it is rejected with the same rationale applied against claim 8 above. 

50. Regarding claim 43, this claim has limitations that are similar to those of claims 9
and 15, thus it is rejected with the same rationale applied against claims 9 and 15 
above. 

51. Regarding claim 44, this claim has limitations that are similar to those of claim 10,
thus it is rejected with the same rationale applied against claim 10 above. 

52. Regarding claim 45, this claim has limitations that are similar to those of claim 17,
thus it is rejected with the same rationale applied against claim 17 above. 

Conclusion

53. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

• Kershenbaum et al. discloses method and apparatus for automatically determining 
optimum placement of privileged code locations in existing code (US 
2004/0040017). 

• Stefik et al. discloses method and apparatus for executing code in accordance with 
usage rights (US 2003/0225698). 

• Anand et al. discloses flexible and dynamic derivation of permissions (US 6044466). 

• Sun et al. discloses packaging system for customizing software (US 20040237067). 

• Gong discloses secure class resolution, loading and definition (US 6044467). 

• Apperson et al. discloses system and method for safely distributing executable
objects (US 5978484). 

• Griffin et al. discloses trusted delegation system (US 5958050). 

• Koved discloses multiple resource or security contexts in a multithreaded application 
(US 5915085). 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Trang Doan whose telephone number is (571) 272-0740.
The examiner can normally be reached on Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 